newguy

Google Redirect - McAfee/MBAM won't scan

Before you run ComboFix, did you change this back to Obtain DNS automatically?

That's good. My guess is that your router is not set right to obtain DNS information from your ISP. You should check the settings on your router or try resetting it to factory defaults (make sure to put a good password on it after a reset).

Try adding that IP address as your DNS provider in your network settings.

Open your Control Panel, Network and Internet Connections (pick a Control Panel icon), Network Connections. Find your network card, right click it and select Properties.

Scroll down to the Internet Protocol (TCP/IP) and choose Properties on it.

Leave "Obtain an IP address automatically" selected. In the bottom portion, though, change that from automatic to "Use the following DNS server addresses".

Then input the following IP addresses in there.

8.8.8.8

8.8.4.4

Then click OK, Close. Then right click and choose Repair.

set_google_dns.png

Then open Internet Explorer and go to Tools/Internet Options/Advanced and click on the Reset button and then quit IE.

Now launch IE again and see if you can now browse the Internet okay.


  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  3. Right click on Properties
  4. Double-click on the Internet Protocol (TCP/IP) item
  5. Select the radio dial that says Obtain DNS Servers Automatically
  6. Press OK twice to get out of the properties screen


I took out the Snapshot items

Downloaded new version of ComboFix.

ComboFix hung before backing up the registry on first attempt to run, ("attempting to create a system restore point.")

Rebooted and reran ComboFix.

ComboFix could not find the internet connection.

Editor is telling me that the post is too long. I'll attach the log.



I think it was removed when I uninstalled the "Security Center" earlier. It is not listed in the Add/Remove programs list and there is only an empty folder in the C:\Program Files folder.

I have CCleaner installed and I ran it and let it check the registry. There are still many McAfee instances listed. Should I let it clean these up (it will back up the registry first)?

There are still many McAfee instances listed. Should I let it clean these up
Yes. We don't have anything to lose at this point.


Did you reboot after doing that?

Type the following command in the Start > Run dialog:

CMD /K SC QC DHCP

Tap Enter.

Give me the output.


OK, here are the results:

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem

C:\Documents and Settings\User.D6WZS771>

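A way to check that SC QC DHCP output mechanically rather than by eye, as an added example that is not from the thread: it parses the output posted above and flags a start type other than AUTO_START, a svchost.exe path outside system32, a wrong service account, or a missing Tcpip/Afd/NetBT dependency. The tampered sample is constructed for illustration only.

```python
"""Check the DHCP Client service configuration reported by `sc qc dhcp`.

Example code added alongside the thread, not from the original posts. The
expected values are the ones a healthy Windows XP install reports (and the
ones in the output posted above).
"""
import re

# Constructed sample: the output posted above, laid out in the columns sc.exe
# prints (the forum extraction had dropped the indentation).
SAMPLE_HEALTHY = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem
"""

# Constructed, hypothetical tampered output (not from the thread): service
# disabled, binary path moved out of system32, Afd dependency gone.
SAMPLE_TAMPERED = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\DOCUME~1\User\LOCALS~1\Temp\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : NetBT
        SERVICE_START_NAME : LocalSystem
"""

FIELD_RE = re.compile(r"^([A-Z_]+)\s*:\s*(.*)$")
# svchost.exe must live in the Windows system32 directory and host the netsvcs group
BINARY_RE = re.compile(r"^[a-z]:\\(windows|winnt)\\system32\\svchost\.exe -k netsvcs$")
REQUIRED_DEPENDENCIES = {"tcpip", "afd", "netbt"}


def parse_sc_qc(text):
    """Parse `sc qc` output into a dict of field -> value.

    DEPENDENCIES becomes a list: sc.exe prints extra dependencies on
    continuation lines that start with ':' and carry no field name.
    """
    fields = {}
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[SC]"):
            continue
        if line.startswith(":"):
            if last_key == "DEPENDENCIES":
                fields[last_key].append(line[1:].strip())
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        fields[key] = ([value] if value else []) if key == "DEPENDENCIES" else value
        last_key = key
    return fields


def check_dhcp_config(fields):
    """Return a list of findings; an empty list means the config looks healthy."""
    findings = []
    if fields.get("SERVICE_NAME", "").lower() != "dhcp":
        findings.append("SERVICE_NAME is %r, expected dhcp" % fields.get("SERVICE_NAME"))
    if "AUTO_START" not in fields.get("START_TYPE", "").upper():
        findings.append("START_TYPE is %r, expected 2 AUTO_START" % fields.get("START_TYPE"))
    if "WIN32_SHARE_PROCESS" not in fields.get("TYPE", "").upper():
        findings.append("TYPE is %r, expected 20 WIN32_SHARE_PROCESS" % fields.get("TYPE"))
    if not BINARY_RE.match(fields.get("BINARY_PATH_NAME", "").lower()):
        findings.append("BINARY_PATH_NAME is %r, expected system32\\svchost.exe -k netsvcs"
                        % fields.get("BINARY_PATH_NAME"))
    missing = REQUIRED_DEPENDENCIES - {d.lower() for d in fields.get("DEPENDENCIES", [])}
    if missing:
        findings.append("missing dependencies: %s" % ", ".join(sorted(missing)))
    if fields.get("SERVICE_START_NAME", "").lower() != "localsystem":
        findings.append("SERVICE_START_NAME is %r, expected LocalSystem"
                        % fields.get("SERVICE_START_NAME"))
    return findings


if __name__ == "__main__":
    for label, sample in (("healthy", SAMPLE_HEALTHY), ("tampered", SAMPLE_TAMPERED)):
        print(label, check_dhcp_config(parse_sc_qc(sample)) or ["OK"])
```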

Can you copy the tcpip.sys from your working pc over to the infected one?

C:\WINDOWS\system32\drivers\tcpip.sys


Let's try this.

It appears you have a Dell PC.

Go to Dell downloads for your model.

Try downloading the full updated NIC driver install package and the Intel chipset driver.

Then go into Device Manager > Network Adapters and remove the entire network card from Device Manager and reboot.

Then install the Intel chipset driver and the NIC driver package again.


I was finally able to run MBAM. I had to uninstall and reinstall it. Then I downloaded the new rules and updated before I ran a full scan.

It found two infected registry keys and deleted them. I will attach the log to this post.

Still no connection.

I'll try to download the drivers from Dell now.

Here is the DDS log:



I was able to install the Windows Recovery Console from the Windows CD.

Should I try to run ComboFix again?


I had another user I was helping and he did this:

To fix the problem, you have to replace TCPIP.SYS with a good copy. Reinstalling Windows will not allow you to replace it. Starting in Safe Mode Command Prompt won't give you the ability to rename or delete TCPIP.SYS. Starting Windows from the CD and using the Repair Console will also fail unless you follow this set of steps.

1. Get a copy of TCPIP.SYS by searching "TCPIP.SYS" on your machine, looking in hidden files and folders. You'll get a bunch of hits. Right click the files and check the preferences to get the most recent version that has Revision data from Microsoft. The one in C:\windows\system32\drivers is not gonna have any file data associated with it, even though it is exactly the same size as the good file.

2. Put the copy of TCPIP.SYS on the root of your C: drive. I had a problem when I made a folder for it, so I recommend just copying it directly to root.

3. Restart your computer with a Windows XP CD (WIN2000 would also work, I think) and select the Repair console function. Log in as Administrator (better know your administrator password!).

4. Navigate to C:\windows\system32\drivers. You will be able to see the TCPIP.SYS file there if you type in DIR, but you won't be able to delete or rename it.

5. Type in "CHKDSK /P". This runs a disk check on your hard drive and fixes errors whether the System thinks you need it or not.

6. Type "del TCPIP.SYS" and press Return.

7. Type in "CHKDSK /P" and run the disk check again (yes, I tried to do this without this step the first time and it didn't work).

8. Type in "copy C:\TCPIP.SYS". You should get a message that this completed correctly.

9. Type in "CHKDSK /P" one last time just to be sure (I didn't confirm that this was required, but why waste all the previous effort?)

10. Type in "Exit" and let the computer restart. Your internet access should be restored, the Windows Firewall will work, and ipconfig should be able to config IP.

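Step 1 above notes that the bad copy in system32\drivers is the same size as a good one, so size alone tells you nothing. As an added example (not from the thread), this Python script walks whatever root directory you give it, hashes every tcpip.sys it finds and reports the copy whose content differs from the others; the demo tree it builds is constructed placeholder data, not real driver bytes, and the XP directory names are assumed from the thread.

```python
"""Locate every copy of tcpip.sys under a root and compare them by content.

Example code added alongside the thread, not from the original posts. Two
files of equal size can still differ, so each copy is hashed and the copies
are grouped; a copy whose hash disagrees with the majority is reported.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def find_copies(root, name="tcpip.sys"):
    """Return (path, size, sha256) for every file named `name` under root.

    os.walk descends into hidden directories as well, which is what step 1
    above asks for when it says to search hidden files and folders.
    """
    results = []
    target = name.lower()
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() != target:
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable copy: skip it, keep walking
            results.append((path, len(data), hashlib.sha256(data).hexdigest()))
    return results


def group_by_hash(copies):
    """Map sha256 -> list of paths, so byte-identical copies cluster together."""
    groups = defaultdict(list)
    for path, _size, digest in copies:
        groups[digest].append(path)
    return dict(groups)


def suspicious_copies(copies):
    """Return paths whose content differs from the most common copy.

    With identical copies in dllcache and ServicePackFiles and one altered
    file in drivers, the drivers copy is what comes back, even though its
    size matches the others.
    """
    groups = group_by_hash(copies)
    if len(groups) < 2:
        return []
    majority = max(groups, key=lambda d: len(groups[d]))
    return sorted(p for d, paths in groups.items() if d != majority for p in paths)


def build_demo_tree(base):
    """Constructed sample tree (placeholder bytes, not a real driver): two good
    copies and one same-size altered copy, laid out like the XP directories."""
    good = b"MZ" + b"\x00" * 1022                  # 1024 bytes
    bad = b"MZ" + b"\x00" * 1000 + b"\x90" * 22    # also 1024 bytes, different content
    layout = {
        os.path.join("WINDOWS", "system32", "dllcache", "tcpip.sys"): good,
        os.path.join("WINDOWS", "ServicePackFiles", "i386", "tcpip.sys"): good,
        os.path.join("WINDOWS", "system32", "drivers", "tcpip.sys"): bad,
    }
    for rel, data in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return base


def run_demo():
    """Build the constructed tree in a temporary directory and return
    (number of copies found, suspicious paths relative to the tree)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        copies = find_copies(tmp)
        return len(copies), [os.path.relpath(p, tmp) for p in suspicious_copies(copies)]


if __name__ == "__main__":
    count, odd = run_demo()
    print("copies found:", count)
    for path in odd:
        print("differs from the other copies:", path)
```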

OK, copied tcpip.sys from working system to infected system using the steps provided.

Still no change.

I checked the version of the tcpip.sys file after I tried the connection and it does appear to be the new version that I copied.


Let's do this again.

Right click on My Computer > Properties > Hardware > Device Manager > Network Adapters.

Right click on every adapter listed and select Uninstall.

Reboot and let Windows reinstall them.


Looking at the back of the computer where the cable plugs into the network card, are you seeing any LED activity on the card?
